On Sat, 1 May 2021 17:11:48 +0200
Didier Kryn <kryn@???> wrote:
> Le 30/04/2021 à 15:05, Arnt Karlsen a écrit :
> > On Fri, 30 Apr 2021 14:37:20 +0200, Arnt wrote in message
> > <20210430143720.7311bc82@d44>:
> >
> >
> >> https://www.theregister.com/2021/04/29/stealthy_linux_backdoor_malware_spotted/
> > ..how it works:
> > https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
>
>
> This backdoor is targetting systemd and gvfs.
>
> It is not very surprising that systemd is targetted, since it is
> present (by force) in most installed Linux systems.
Unfortunately there are systemd libraries installed by Devuan-beowulf
desktop installation DVD.
There are in
/ver/lib/
/lib
/etc and
/run
It appears to be something in the base system as both the headless
systems I recently set up have/had* them.
Optins selected were
console stuff
print server,
ssh server
and what ever is last.
One system did have xfce-xfce4 selected, but the libraries and not
dependant on these.
*rm -rf systemd on the relevant directories doesn't seem to affect
anything. I did this as 'aptitude search systemd' didn't list any
packages installed.
Memo to self; use minimal installation next time.